Top issues
Problem
Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Open source communities depend on the work of thousands of software developers that volunteer their time to maintain software components. While the majority of open source contributors are altruistic and trustworthy, some software developers have a history of making harmful changes to the projects they maintain. Changes that are considered harmful include destructive and disruptive actions, and other developer behaviors that might cause them to be considered untrustworthy in their community. Code written by these software developers should be put under higher degree of scrutiny, and continuously reviewed for unexpected changes.Prevalence in npm community
0 packages
found in
Top 100
5 packages
found in
Top 1k
45 packages
found in
Top 10k
3626 packages
in community
Next steps
Investigate reported detections.
You should consider delaying the software release until the investigation is completed, or until the issue is risk accepted.
Consider replacing the software component with an alternative.
Problem
Software components contain executable code that performs actions implemented during its development. These actions are called behaviors. In the analysis report, behaviors are presented as human-readable descriptions that best match the underlying code intent. While most behaviors are benign, some are commonly abused by malicious software with the intent to cause harm. When a software package shares behavior traits with malicious software, it may become flagged by security solutions. Any detection from security solutions can cause friction for the end-users during software deployment. While the behavior is likely intended by the developer, there is a small chance this detection is true positive, and an early indication of a software supply chain attack.Prevalence in npm community
0 packages
found in
Top 100
0 packages
found in
Top 1k
1 packages
found in
Top 10k
1375 packages
in community
Next steps
Investigate reported detections.
If the software intent does not relate to the reported behavior, investigate your build and release environment for software supply chain compromise.
You should delay the software release until the investigation is completed, or until the issue is risk accepted.
Consider rewriting the flagged code without using the marked behaviors.
Top behaviors
The software package was developed by a user known for distributing destructive protestware packages.
anomaly
Prevalence in npm community
Behavior commonly used by malicious software (Important)
Behavior often found in this community (Common)
0 packages
found in
Top 100
5 packages
found in
Top 1k
45 packages
found in
Top 10k
3626 packages
in community
Might contain potentially obfuscated code or data.
anomaly
Prevalence in npm community
Behavior often found in this community (Common)
21 packages
found in
Top 100
136 packages
found in
Top 1k
1248 packages
found in
Top 10k
390529 packages
in community
Encodes data using the Base64 algorithm.
packer
Prevalence in npm community
Behavior often found in this community (Common)
7 packages
found in
Top 100
61 packages
found in
Top 1k
956 packages
found in
Top 10k
319930 packages
in community
Decodes data using the Base64 algorithm.
packer
Prevalence in npm community
Behavior often found in this community (Common)
6 packages
found in
Top 100
44 packages
found in
Top 1k
657 packages
found in
Top 10k
175209 packages
in community
Executes files during installation or upon launch.
execution
Prevalence in npm community
No behavior prevalence information at this timeTop vulnerabilities
No vulnerabilities found.